From: Uladzislau Rezki
Date: Tue, 31 Mar 2026 19:43:14 +0200
To: shivamkalra98@zohomail.in
Cc: Andrew Morton, Uladzislau Rezki, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Alice Ryhl, Danilo Krummrich
Subject: Re: [PATCH v8 4/6] mm/vmalloc: use READ_ONCE() for vmalloc nr_pages status readers
In-Reply-To: <20260327-vmalloc-shrink-v8-4-cc6b57059ed7@zohomail.in>

On Fri, Mar 27, 2026 at 03:18:40PM +0530, Shivam Kalra via B4 Relay wrote:
> From: Shivam Kalra > > The vmalloc status readers (vmalloc_info_show(), show_numa_info(), and > vmalloc_dump_obj()) currently read v->nr_pages and the v->pages array > without any concurrent protection. > > In preparation for vrealloc() shrink support, where v->nr_pages can > be decreased and entries in the v->pages array can be nulled out > concurrently, these readers must be protected to prevent use-after-free > or NULL pointer dereferences. > > Update these functions to use READ_ONCE() when accessing v->nr_pages > and v->pages[nr]. This ensures the compiler does not re-fetch these > values and provides a consistent view of the vmap area's state. > Additionally, in show_numa_info(), explicitly check for a NULL page > pointer before dereferencing it to avoid potential crashes if a page > was concurrently removed during a shrink operation. > > Signed-off-by: Shivam Kalra > --- > mm/vmalloc.c | 19 +++++++++++++------ > 1 file changed, 13 insertions(+), 6 deletions(-) > > diff --git a/mm/vmalloc.c b/mm/vmalloc.c > index ddb689bf9ba5..c6bdddee6266 100644 > --- a/mm/vmalloc.c > +++ b/mm/vmalloc.c > @@ -5189,7 +5189,7 @@ bool vmalloc_dump_obj(void *object) > vm = va->vm; > addr = (unsigned long) vm->addr; > caller = vm->caller; > - nr_pages = vm->nr_pages; > + nr_pages = READ_ONCE(vm->nr_pages); > spin_unlock(&vn->busy.lock); > Here is it protected by the spin-lock. > pr_cont(" %u-page vmalloc region starting at %#lx allocated at %pS\n", > @@ -5210,7 +5210,7 @@ bool vmalloc_dump_obj(void *object) > static void show_numa_info(struct seq_file *m, struct vm_struct *v, > unsigned int *counters) > { > - unsigned int nr; > + unsigned int nr, nr_pages; > unsigned int step = 1U << vm_area_page_order(v); > > if (!counters) 
> @@ -5218,8 +5218,13 @@ static void show_numa_info(struct seq_file *m, struct vm_struct *v, > > memset(counters, 0, nr_node_ids * sizeof(unsigned int)); > > - for (nr = 0; nr < v->nr_pages; nr += step) > - counters[page_to_nid(v->pages[nr])] += step; > + nr_pages = READ_ONCE(v->nr_pages); > + for (nr = 0; nr < nr_pages; nr += step) { > show_numa_info() also is protected: if (IS_ENABLED(CONFIG_NUMA)) show_numa_info(m, v, counters); seq_putc(m, '\n'); } spin_unlock(&vn->busy.lock); > + struct page *page = READ_ONCE(v->pages[nr]); > + > + if (page) > + counters[page_to_nid(page)] += step; > + } > for_each_node_state(nr, N_HIGH_MEMORY) > if (counters[nr]) > seq_printf(m, " N%u=%u", nr, counters[nr]); > @@ -5247,6 +5252,7 @@ static int vmalloc_info_show(struct seq_file *m, void *p) > struct vmap_area *va; > struct vm_struct *v; > unsigned int *counters; > + unsigned int nr_pages; > > if (IS_ENABLED(CONFIG_NUMA)) > counters = kmalloc_array(nr_node_ids, sizeof(unsigned int), GFP_KERNEL); > @@ -5276,8 +5282,9 @@ static int vmalloc_info_show(struct seq_file *m, void *p) > if (v->caller) > seq_printf(m, " %pS", v->caller); > > - if (v->nr_pages) > - seq_printf(m, " pages=%d", v->nr_pages); > + nr_pages = READ_ONCE(v->nr_pages); > + if (nr_pages) > + seq_printf(m, " pages=%d", nr_pages); > > if (v->phys_addr) > seq_printf(m, " phys=%pa", &v->phys_addr); > > vmalloc_info_show() is also protected. I do not see why we need this patch. Am i missing something? -- Uladzislau Rezki
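Review bot: In the vmalloc_dump_obj() hunk (@@ -5189), the new READ_ONCE(vm->nr_pages) sits directly before spin_unlock(&vn->busy.lock), so the load is made with that lock held, and the changelog does not say whether the vrealloc() shrink path updates nr_pages under the same lock. If it does, the annotation is redundant at this site and can be dropped; if it does not, the hunk needs a comment naming the lockless writer, and the writer side needs a matching WRITE_ONCE() so the pairing is visible to readers of the code.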
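Review bot: In the show_numa_info() loop (@@ -5218), nr_pages and v->pages[nr] are loaded by two separate READ_ONCE() calls, which stops the compiler from re-fetching each value but gives no ordering between the two loads and does not keep the page alive until page_to_nid(page) runs. The changelog's claims of a "consistent view" and of preventing use-after-free therefore rest on something outside this hunk. Please add a comment above the loop stating which lock or ordering on the shrink side makes the "if (page)" check sufficient, or narrow the changelog to what READ_ONCE() actually provides.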
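Review bot: In the vmalloc_info_show() hunk (@@ -5276), the new local is declared as "unsigned int nr_pages" but is printed with seq_printf(m, " pages=%d", nr_pages). Since the line is being rewritten anyway, use "%u" so the format specifier matches the type.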